Bidding Doc Domain

Security checks across malware telemetry and agentic risk

Overview

This is mainly a bidding-document reference skill, but it tells the agent to automatically install and load another skill during activation, so users should review it before installing.

Install only if you are comfortable with the skill causing an agent to install and use universal-task-os for bidding workflows. Before use, confirm any dependency installation yourself, avoid providing unnecessary confidential bid or company data, and review generated documents carefully before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 85%
Finding: The skill claims to be a read-only reference repository, but later instructs the agent to automatically install and load Universal Task OS and use it to execute document-generation workflows. This mismatch is dangerous because it can mislead users and reviewers about the skill's actual behavior, reducing informed consent and masking downstream system-changing actions.

Vague Triggers

Severity: Medium
Confidence: 82%
Finding: The trigger phrases are broad, common domain terms such as 标书, 投标, and 招标, which are likely to appear in ordinary conversation and unrelated reference requests. This increases the chance of unintended activation, potentially causing the agent to enter a sensitive workflow that requests business data or attempts dependency actions without clear user intent.

Missing User Warnings

Severity: High
Confidence: 95%
Finding: The skill directs automatic installation of a dependency during activation without a clear user warning or consent step. Any automatic installation or environment modification is high risk because it changes system state, may introduce unreviewed code paths, and could be abused through unintended activation or dependency compromise.

Ssd 4

Severity: Medium
Confidence: 84%
Finding: The workflow anticipates collecting and processing large volumes of sensitive bidding and company information across multiple stages, yet it does not define minimization, retention, deletion, or scope boundaries. In a procurement context, these documents can contain confidential pricing, qualifications, identities, and strategy details, making overcollection and persistence materially risky.

Ssd 3

Severity: Medium
Confidence: 81%
Finding: The skill explicitly instructs the agent to propagate user-provided business details such as project names, identifiers, quotes, and timelines throughout the full document set. While functionally relevant, unrestricted reuse of sensitive data across outputs increases the blast radius of accidental disclosure, logging exposure, and cross-document leakage.

VirusTotal

64/64 vendors flagged this skill as clean.